The Trouble With Passwords

Posted September 22, 2020

Passwords, which hold the keys to our digital existence, are insecure and incredibly inefficient. Passwords used across multiple sites are stolen by hackers in one data breach and sold or used to gain access to other sites. The human mind is not equipped to store dozens or properly complex passwords required for our daily internet use. This leads to the common problem of poor password selection. Have you ever been tempted to use the all too common passwords of ‘1234’, ‘password’ or ‘1111’ just to enter something you hope your mind will remember? Those are just a few of the most common passwords still in use.

Moore’s Law observes that the number of transistors in a dense integrated circuit doubles about every two years. This means every two years, a hacker has about twice the brute force password cracking capability they may have had prior. You can find your favorite password length and complexity on the chart below to get an idea of how long it would take to for a hacker to “guess” it through common brute force tactics.

By utilizing a properly complex password, we can keep brute force attacks at bay for years. However, passwords must still be unique across each site and application to mitigate the risks posed by data breaches. This tension between the need for password complexity and our human desire for simplicity consistently holds weak passwords as the #1 security risk in our online lives.

Enter Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) immediately increases account security by requiring multiple forms of verification to prove your identity. Where passwords are a single means of authentication, MFA requires at least two pieces of evidence or factors in order to verify identity. MFA uses any combination of authentication factors across three factor types:

1) Something the user knows

2) Something the user has

3) Something the user is

Something the user knows is often a password or other personally identifiable information like your mother’s maiden name. Something the user has is similar to a key used to open a lock — except in the digital world, those keys are often tokens. And something the user is includes biometric data such as fingerprints, retina scans or even location-based information.

If this all sounds complicated, it really isn’t. A properly configured MFA system will make your life more secure and can make authentication across applications easier. When combined with an access portal, users can leverage MFA single-sign-on (SSO) and receive authentication to multiple applications at once. Watch Alex Cagnoni, Director of Authentication at WatchGuard technologies demonstrate just how easy MFA + SSO can be.

So if you take the security of your data seriously and your mind doesn’t like remembering complex passwords, MFA will simplify your life while better protecting your data.

Kevin Willette

Kevin Willette is Partner / CEO of Verus Corp. His focus is ensuring complete customer satisfaction and providing as much or as little support as is needed for the individual client. Kevin knows that plenty of places do IT services, but what sets Verus Corp apart is the local feeling and the commitment to doing things right the first time. He has always wanted to be a business owner because it affords him the opportunity to offer a service that was better than anything clients had seen before. His true goal is to help customers make their businesses better by removing potential IT barriers. Kevin served as chair for Habitat for Humanity during his time at Minnesota State University, Mankato. He has also served on the WatchGuard Advisory Council since 2016. Kevin’s work with Verus Corp has helped them achieve awards as the WatchGuard Partner of the Year and Cisco Select Partner. Kevin graduated from Minnesota State in 2000 with a major in Business Marketing and minors in Business Administration and Music.